Re: Re: adding multiple SSLCACertificateFile in vhost.conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Re: adding multiple SSLCACertificateFile in vhost.conf
From: saibaba Duggirala <saibaba_dug@xxxxxxxxx>
Date: Thu, 8 Mar 2007 13:13:49 -0800 (PST)
In-reply-to: <45F0787F.8050000@xxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

What if the second cert we took from a diff company

In general the server should be able to support multiple CA certificate files right?Our web browsers does that now -isn't it -correct me please if I am wrong

so in vhost.conf for scurehttps the following should be able to work -right

#old one

SSLCACertificateFile conf/ssl/nsm_ca.crt

#new one
SSLCACertificateFile conf/ssl/Commercial_CPE_Root_Cert.pem

#these are left as before

SSLCertificateFile conf/ssl/nsm.crt

SSLCertificateKeyFile conf/ssl/nsm.key

SSLCertificateChainFile conf/ssl/nsm.crt

matt farey <matt.farey@xxxxxxxxx> wrote:

Dan_Mitton@xxxxxxxxxxxxx wrote:
>
> Why would you need to support both SSL certificates? From what I've
> seen (at least with Verisign) when you renew a certificate, it adds
> the renewal period to the end of your current expiration period, but
> is valid from the date you renew! As soon as you get the new
> certificate, you should be able to use it. You don't need to wait for
> the old one to expire to do the swap.
>
>
good point!

> Please respond to users@xxxxxxxxxxxxxxxx
>
> To: users@xxxxxxxxxxxxxxxx
> cc: (bcc: Dan Mitton/YD/RWDOE)
> Subject: Re: Re: adding multiple
> SSLCACertificateFile in vhost.conf
>
>
> LSN: Not Relevant
> User Filed as: Not a Record
>
>
>
> saibaba Duggirala wrote:
> > yes, more than one SSL enabled
> > servername on a single IP address, single NIC
> >
> > The cureent certificate is expiring in couple of months so we want to
> > seamleesly support the current one until it expires along with the new
> > one
> >
> >
> as far as I am aware SSL certs cannot be combined on a single IP, you
> need to either use 2 NICs or use IP aliasing to bind 2 IP addresses to a
> single NIC, and then in your vhost conf you can set up the certs one
> each per IP, here's a short article:
> http://www-128.ibm.com/developerworks/web/library/wa-multissl.html#resources
> matt
>
> > */matt farey /* wrote:
> >
> >
> >
> > saibaba Duggirala wrote:
> > > hi,
> > > can anyone please let me know what is the procedure to add
> multiple
> > > SSLCACertificateFile in vhost.conf in apache
> > >
> > > So far we have been using only one file, shown below in vhost.conf
> > > SSLCACertificateFile conf/ssl/nsm_ca1.cr
> > >
> > > We would like to use another root certificate along with the
> > above one
> > > , so is it as simple as adding another line like above
> > > SSLCACertificateFile conf/ssl/nsm_ca_2.cr in vhost file or is
> there
> > > something else that I should be doing
> > >
> > >
> > > Thanks,
> > > saibaba
> > >
> > > Get your own web address.
> > >
> > > Have a HUGE year through Yahoo! Small Business.
> > >
> >
> >
> > depends on your setup, are you trying to host more than one SSL
> > enabled
> > servername on a single IP address, single NIC, or what?
> >
> >
> > --
> > Matthew Farey
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > See for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >
> >
> > Sucker-punch spam
> >
>
> > with award-winning protection.
> > Try the free Yahoo! Mail Beta.
> >
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>

--
Matthew Farey

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

No need to miss a message. Get email on-the-go
with Yahoo! Mail for Mobile. Get started.

Follow-Ups:
- Re: Re: adding multiple SSLCACertificateFile in vhost.conf
  - From: Krist van Besien
- Re: Re: adding multiple SSLCACertificateFile in vhost.conf
  - From: matt farey

References:
- Re: Re: adding multiple SSLCACertificateFile in vhost.conf
  - From: matt farey

Prev by Date: Re: Re: adding multiple SSLCACertificateFile in vhost.conf
Next by Date: rewrite safety? is it possible to DoS apache with mod_rewrite?
Previous by thread: Re: Re: adding multiple SSLCACertificateFile in vhost.conf
Next by thread: Re: Re: adding multiple SSLCACertificateFile in vhost.conf
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]